Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2026-01-04 16:48:49 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

add token authentication, only admin can use api

Browse source
This commit is contained in:
huneau romain 2017-05-11 12:15:02 +02:00
parent 548172949a
commit b5271e5346
9 changed files with 50 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
models/boards.js
View file

@ -557,6 +557,7 @@ if (Meteor.isServer) {
//BOARDS REST API
if (Meteor.isServer) {
JsonRoutes.add('GET', '/api/boards', function (req, res, next) {
Authentication.checkUserId(req.userId);
JsonRoutes.sendResult(res, {
code: 200,
data: Boards.find({ permission: 'public' }).map(function (doc) {
@ -569,6 +570,7 @@ if (Meteor.isServer) {
});
JsonRoutes.add('GET', '/api/boards/:id', function (req, res, next) {
Authentication.checkUserId( req.userId);
const id = req.params.id;
JsonRoutes.sendResult(res, {
code: 200,
@ -577,6 +579,7 @@ if (Meteor.isServer) {
});
JsonRoutes.add('POST', '/api/boards', function (req, res, next) {
Authentication.checkUserId( req.userId);
const id = Boards.insert({
title: req.body.title,
members: [
@ -599,6 +602,7 @@ if (Meteor.isServer) {
});
JsonRoutes.add('DELETE', '/api/boards/:id', function (req, res, next) {
Authentication.checkUserId( req.userId);
const id = req.params.id;
Boards.remove({ _id: id });
JsonRoutes.sendResult(res, {